EP4187420A1 - Resource management method, computing device, computing equipment and readable storage medium - Google Patents


Info

Publication number
EP4187420A1
Authority
EP
European Patent Office
Prior art keywords
resource
chip
lifecycle
architecture system
security architecture
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22209122.5A
Other languages
German (de)
English (en)
Inventor
Ming Zhang
Yanzhao Feng
Yufeng Guo
Qingshan Zhu
Zhuo MA
Zhiqiang Chen
Jianyue Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Phytium Technology Co Ltd
Original Assignee
Phytium Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Phytium Technology Co Ltd
Publication of EP4187420A1
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Definitions

  • the present disclosure is related to the technical field of processors and, more specifically, to a resource management method, a computing device, computing equipment, and a readable storage medium.
  • the security architecture system of the computing equipment can include a secure element (SE) subsystem, which is used to build a secure computing environment.
  • important resources such as root keys and other information are stored in the SE subsystem. Because of the importance of such resources, there is a need to ensure the security of the computing environment at all stages of the computing equipment from production to use.
  • embodiments of the present application provide a computing equipment including a security architecture system.
  • the security architecture system includes a secure element subsystem, and the secure element subsystem stores a plurality of resources.
  • the security architecture system is configured with N chip lifecycle states, N being an integer greater than 1.
  • the access authority of the resources is associated with the N chip lifecycle states.
  • the computing equipment includes a processor and a memory storing computer-readable program instructions. When the computer-readable program instructions are executed by the processor, the processor is caused to perform access control on a resource based on the current chip lifecycle state of the security architecture system, the current chip lifecycle state belonging to one of the N chip lifecycle states.
  • the security architecture system of a computing equipment may have three types of subsystems, namely, a rich execution environment (REE) subsystem, a trusted execution environment (TEE) subsystem, and a secure element (SE) subsystem.
  • FIG. 1 shows a schematic block diagram of a security architecture system 100.
  • the application running in the REE subsystem can be referred to as a client application (CA), which has low security and is vulnerable to attacks.
  • the application running in the TEE subsystem can be referred to as a trusted application (TA), and its security is higher than the security of the REE, to support functions such as verifying the payment environment in the payment process.
  • the application running in the SE subsystem can be referred to as a secure element application (Applet), and its security is the highest among these three types of subsystems.
  • the system security can be ensured through the cooperation between these three types of subsystems.
  • FIG. 1 is a schematic diagram of a security architecture system including a plurality of subsystems in the related art.
  • the subsystems include the REE subsystem, the TEE subsystem, and the SE subsystem, and the three subsystems may also be referred to as three application environments. It should be understood that the application scenarios of the resource management method described above are not limited to the scenario shown in FIG. 1 .
  • the security architecture system may include only one of the REE subsystem and the TEE subsystem.
  • the REE subsystem and the TEE subsystem may be implemented as a whole as a subsystem, which is not limited in the embodiments of the present disclosure.
  • the REE subsystem may include a general operating system running on a general-purpose embedded processor, in which application programs, such as application program 1 to application program n, where n is a positive integer, shown in FIG. 1 , are installed.
  • an application program may be a program involving payment scenarios, in which basic services such as browsing items, selecting items, submitting order, etc. are implemented.
  • although many security measures such as device access control, device data encryption mechanisms, application runtime isolation mechanisms, and permission verification-based access control are adopted in the REE subsystem, the security of important data in applications cannot be ensured.
  • the trusted applications provide a trusted operating environment for the REE subsystem, and ensure end-to-end security by maintaining confidentiality and integrity, and controlling the data access authority.
  • the TEE subsystem may run in parallel with the REE subsystem and interact with the REE subsystem through an application programming interface (API).
  • a trusted and secure resource storage and computing environment may also be established based on the SE.
  • a security service request may be sent by the TEE subsystem to the SE subsystem to enable the SE subsystem to implement the requested security service.
  • the security service request may be used to request the root key stored in the SE subsystem to verify the transaction information, such as requesting the payment root key stored in the SE subsystem to verify the payment key input by the user.
  • the software system in the SE is relatively simple, including fewer hardware components. Therefore, it is easy to establish physical protection and implement security measures, thereby improving the security strength of the SE to serve security systems with higher security requirements.
  • the security applications such as security application 1 to security application m, where m is a positive integer, shown in FIG. 1 , can be implemented in the SE.
  • the resource management method provided by the embodiments of the present disclosure can be applied to an application environment with high security requirements, such as managing important resources stored in the SE subsystem.
  • the application related to the important resources stored in the SE subsystem may be a traditional smart card such as a bank card, a bus card, and a USB shield.
  • the security architecture system implementing the resource management method described above can provide users with services with higher security.
  • the electronic device may be a mobile terminal, a desktop computer, a tablet computer, a personal computer (PC), a personal digital assistant (PDA), a smart watch, a netbook, a wearable electronic device, an augmented reality (AR) device, etc. that can install applications and implement the corresponding application functions.
  • the present disclosure does not limit the specific form of the electronic device.
  • the mobile terminal 200 includes a processor 201, a radio frequency (RF) circuit 202, a memory 203, a touch display screen 204, a Bluetooth device 205, one or more sensors 206, a wireless fidelity (Wi-Fi) device 207, a positioning device 208, an audio circuit 209, a peripheral interface 210, and a power supply 211. These components may communicate via one or more communication buses or signal lines. Those skilled in the art can understand that the hardware structure shown in FIG. 2A does not constitute a limitation on the mobile terminal.
  • the mobile terminal 200 may include more or less components, combine some components, or arrange the components differently.
  • Each component of the mobile terminal 200 will be described in detail below with reference to FIG. 2A .
  • the processor 201 is the control center of the mobile terminal 200.
  • the processor 201 may use various interfaces and lines to connect various parts of the mobile terminal 200.
  • the processor 201 may be configured to execute various functions of the mobile terminal 200 and process data by running or executing the application programs stored in the memory 203 and calling the data stored in the memory 203.
  • the processor 201 may include one or more processing units.
  • the processor 201 may be various types of processor chips.
  • the RF circuit 202 may be used to receive and transmit wireless signals in the process of sending and receiving information or calling.
  • the RF circuit 202 may receive the downlink data of the base station, send the data to the processor 201 for processing, and send the uplink data to the base station.
  • the RF circuit may include, but is not limited to, antennas, at least one amplifier, transceivers, couplers, low noise amplifiers, duplexers, etc.
  • the RF circuit 202 may also communicate with other devices through wireless communication.
  • the wireless communication may use any communication standard or protocol, including but not limited to, global system for mobile communications, general packet radio service, code division multiple access, wideband code division multiple access, long term evolution, email, short message service, etc.
  • the memory 203 may be used to store application programs and related data.
  • the processor 201 may be configured to perform various functions and data processing of the mobile terminal 200 by running the application programs and the data stored in the memory 203.
  • the memory 203 may include a program storage area and a data storage area.
  • the program storage area can store an operating system and an application program required for at least one function (e.g., an application program for implementing an online shopping function).
  • the data storage area can store data (e.g., product browsing data, order data, etc.) created by the user of the mobile terminal 200.
  • the memory 203 may include a high-speed random-access memory (RAM), and may also include a non-volatile memory, such as a magnetic disk storage device, a flash memory device, or other non-volatile solid-state storage devices.
  • the memory 203 may store various operating systems.
  • the memory 203 may be independent and connected to the processor 201 through a communication bus.
  • the memory 203 may also be integrated with the processor 201.
  • the touchpad 204-1 may be configured to collect touch operations (which can also be referred to as touch events) performed by the user of the mobile terminal 200 on or near the touchpad, and send the collected touch information to other devices (e.g., the processor 201).
  • the user may use any suitable object such as a finger, a stylus, etc. to perform an operation on or near the touchpad 204-1.
  • a user's touch event near the touchpad 204-1 may be referred to as a hovering touch.
  • the hovering touch may indicate that the user does not need to directly touch the touchpad 204-1 in order to select, move, or drag objects (e.g., icons), but the user only needs to be in the vicinity of the device in order to perform the desired function.
  • various types of resistive, capacitive, infrared, and surface acoustic waves can be used to implement the touchpad 204-1.
  • the touchpad 204-1 and the display 204-2 are used as two independent components to realize the input and output function of the mobile terminal 200.
  • the touchpad 204-1 may be integrated with the display 204-2 to realize the input and output functions of the mobile terminal 200.
  • the touch display screen 204 is formed by stacking multiple layers of materials. Only the touch panel (layer) and the display screen (layer) are shown in FIG. 2A , and other layers are not described in FIG. 2A .
  • the mobile terminal 200 may also include a fingerprint recognition function.
  • a fingerprint collection device 212 may be arranged on the back of the mobile terminal 200 (e.g., under the rear camera), or the fingerprint collection device 212 may be arranged on the front of the mobile terminal 200 (e.g., under the touch display screen 204).
  • the fingerprint collection device 212 may be arranged in the touch display screen 204 to realize the fingerprint recognition function. That is, the fingerprint collection device 212 may be integrated with the touch display screen 204 to realize the fingerprint recognition function of the mobile terminal 200.
  • the fingerprint collection device 212 may be arranged in the touch display screen 204, and may be a part of the touch display screen 204 or may be arranged in the touch display screen 204 in other ways.
  • the main component of the fingerprint collection device 212 may be a fingerprint sensor, and the fingerprint sensor may adopt any type of sensing technology, including but not limited to optical, capacitive, piezoelectric, or ultrasonic sensing technologies.
  • the mobile terminal 200 may further include a Bluetooth device 205 for realizing data exchange between the mobile terminal 200 and other short-range devices (e.g., mobile phones, smart watches, etc.). More specifically, the Bluetooth device 205 may be an integrated circuit or a Bluetooth chip.
  • the mobile terminal 200 may also include at least one sensor 206, such as an optical sensor, a motion sensor, and other sensors.
  • the optical sensor may include an ambient light sensor and a proximity sensor.
  • the ambient light sensor can adjust the brightness of the display of the touch display screen 204 based on the brightness of the ambient light.
  • the proximity sensor can turn off the power of the display when the mobile terminal 200 is moved to the ear.
  • an accelerometer sensor can detect the magnitude of acceleration in all directions (generally three axes), and can detect the magnitude and direction of gravity when it is stationary.
  • the accelerometer sensor can be used for applications that recognize the attitude of the mobile phone (e.g., horizontal and vertical screen switching, related games, magnetometer attitude calibration), and vibration recognition related functions (e.g., pedometer, tap), etc.
  • the mobile terminal 200 may also be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, etc., which will not be described in detail here.
  • the Wi-Fi device 207 can be used to provide the mobile terminal 200 with network access following the Wi-Fi related standard protocol.
  • the mobile terminal 200 may access the Wi-Fi access point through the Wi-Fi device 207, thereby assisting the user to receive and send data, such as sending and receiving emails, browsing the web, and accessing streaming media, etc. This provides the user with wireless broadband Internet access.
  • the Wi-Fi device 207 may also act as a Wi-Fi wireless access point, and may provide Wi-Fi network access for other devices.
  • the positioning device 208 may be used to provide the mobile terminal 200 with geographic location information. It should be understood that the positioning device 208 may be a receiver of a positioning system, such as the global positioning system (GPS), the Beidou satellite navigation system, the Russian GLONASS, etc. After receiving the geographic location information sent by the positioning system, the positioning device 208 may, for example, send the information to the processor 201 for processing, or send the information to the memory 203 for storage. In some embodiments, the positioning device 208 may also be a receiver of an assisted global positioning system (AGPS). The AGPS may act as an auxiliary server to assist the positioning device 208 to complete ranging and positioning services.
  • the assisted positioning server may provide positioning assistance by communicating with a device such as a positioning device 208 (e.g., a GPS receiver) of the mobile terminal 200 over a wireless communication network.
  • the positioning device 208 may also be a positioning technology based on a Wi-Fi access point. Since each Wi-Fi access point has a globally unique media access control (MAC) address, when Wi-Fi is turned on, the terminal device may scan and collect the broadcast signals of the surrounding Wi-Fi access points to obtain the MAC addresses broadcast by the Wi-Fi access points. The terminal device may send the data (e.g., the MAC addresses) that can identify the Wi-Fi access points to a location server through the wireless communication network. The location server may retrieve the geographic location of each Wi-Fi access point, combine it with the strength of the Wi-Fi broadcast signal to calculate the geographic location of the terminal device, and send it to the positioning device 208 of the terminal device.
  • the audio circuit 209 may be a speaker and a microphone for providing an audio interface between the user and the mobile terminal 200.
  • the audio circuit 209 may convert the received audio data into electrical signals, and transmit the electrical signals to the speaker to convert the electrical signals into sound signals for output.
  • the microphone may convert the collected sound signals into electrical signals, which may be received by the audio circuit 209 and converted into audio data.
  • the audio data may be output to the RF circuit 202 for transmission to, for example, another device, or to the memory 203 for further processing.
  • the peripheral interface 210 may be used to provide various interfaces for external input/output devices (e.g., keyboards, mice, external displays, external memories, subscriber identification module cards, etc.).
  • a mouse can be connected through a universal serial bus (USB) interface.
  • a subscriber identification module (SIM) provided by a telecom provider can be connected through the metal contacts on the card slot of the SIM.
  • the peripheral interface 210 may be used to couple the external input/output peripherals to the processor 201 and the memory 203.
  • the mobile terminal 200 may also include a power device 211 (such as a battery and a power management chip) for supplying power to various components.
  • the battery may be logically connected to the processor 201 through the power management chip, such that the functions of charging and discharging management and power consumption management can be realized through the power supply 211.
  • FIG. 2B is a schematic diagram of an application system implementing the resource management method provided by some embodiments of the present disclosure.
  • the application system may include a terminal device 221, a network 222, and a server 223.
  • the terminal device 221 may be the illustrated mobile terminal or a fixed terminal, configured to perform data transmission with the server 223 through the network 222.
  • Various applications may also be installed on the terminal device 221, such as shopping applications, web browsing applications, video playback applications, news applications, etc.
  • the terminal device 221 may include an input/output device, such that the terminal device 221 can receive user operations, such as receiving the user's touch and gesture operations through the touch display screen, or receiving the user's voice operation through a microphone. Then, the terminal device 221 may generate a request message based on the received operation. Through the network 222, the terminal device 221 may send the request message to the server 223, and receive the data returned by the server 223 in response to the request message.
  • the terminal device 221 may be in the form of hardware or software. When the terminal device 221 is in the form of hardware, it can be any of various devices that have a display and support programs running thereon. As described above, the terminal device 221 may be the illustrated mobile terminal, such as the mobile terminal having the components described above in conjunction with FIG. 2A . As other examples, the terminal device 221 may also be a smart TV, a tablet computer, an e-book reader, a moving picture experts group audio layer IV (MP4) player, a laptop computer, a desktop computer, etc.
  • when the terminal device 221 is in the form of software, it may be installed in the electronic devices listed above, and it may be implemented as a plurality of software or software modules (e.g., software or software modules for providing distributed services), or it may be implemented as a single software or software module, which is not limited in the embodiments of the present disclosure.
  • the network 222 may be a wired network or a wireless network, which is not limited in the embodiments of the present disclosure.
  • the server 223 may be a server that provides various services, such as receiving the data stream sent by the terminal device 221 and performing buffering.
  • the server 223 may also receive the request message sent by the terminal device 221, analyze the request message, and send the analysis result (e.g., a data stream corresponding to the request message) to the terminal device 221.
  • Different servers may be arranged based on different application types.
  • the server 223 may be an instant message server, a payment application server, an information display application server, a resource management server, etc. It should be understood that the numbers of terminal device 221, network 222, and server 223 shown in FIG. 2B are only illustrative. Based on the application scenarios, there can be any number of terminal devices, networks, and servers.
  • the root key here is an example of the important resources stored by the SE subsystem, and other important information can also be stored in the SE subsystem.
  • the term "root key" is not unique, as long as it can be used as a relatively important key or a related term for deriving other keys.
  • FIG. 3 is a flowchart of a resource management method 300 according to an embodiment of the present disclosure. The method will be described in detail below.
  • Performing access control on resources may include determining whether to allow or deny access to resources in the SE subsystem in response to the chip lifecycle state the system is currently in. Accordingly, the security of resources stored in the SE can be improved at the various stages of the chip's lifecycle.
  • resources such as the root keys can be isolated from other less secure subsystems such as the REE subsystem and the TEE subsystem. Accordingly, while ensuring the normal implementation of application functions, the use of resources such as the root key can be controlled, thereby avoiding resource leakage during the use of the root key (e.g., payment verification based on the root key etc.).
  • performing access control on the resource based on the current chip lifecycle state of the security architecture system may include obtaining an access instruction for a resource.
  • Performing access control on the resource may further include determining whether to allow access to the resource based on whether the access authority of the resource's access instruction matches the current chip lifecycle state of the security architecture system. That is, for the resources stored in the SE subsystem, when there is a need to use them, an access instruction for the resources to be used can be sent to the SE subsystem. For example, whether or not to allow access to the resource may be determined by a firmware program in the SE subsystem based on whether the access authority of the access instruction matches the current chip lifecycle state of the security architecture system.
  • if the access authority of the access instruction does not match the current chip lifecycle state of the security architecture system, the access can be denied.
  • the processes for determining whether the access authority of the access instruction matches the chip lifecycle state that the security architecture system is currently in will be described below in conjunction with the specific forms for the N chip lifecycle states.
  • the basic logic of the business is implemented in the REE subsystem.
  • This logic may include basic processes of browsing products, selecting products, submitting orders, etc.
  • the business process will move to the TEE subsystem.
  • the business process may include verifying the payment environment, displaying the payment information, the user inputting the payment key or verifying the fingerprint, etc.
  • the TEE subsystem sends the transaction information to the SE subsystem.
  • the SE subsystem signs the transaction and sends the signature to the TEE subsystem.
  • the TEE subsystem directly forwards the signature to the REE subsystem.
  • the REE subsystem completes the interaction with the payment center.
  • the SE subsystem signing the transaction may need to use the root key stored in the SE subsystem and associated with the user's payment. Therefore, prior to signing, the SE subsystem needs to determine whether access to the root key is permitted based on whether the access authority to the root key matches the current chip lifecycle state of the security architecture system. If there is a match, the access can be allowed; otherwise, the access can be denied. Accordingly, the security of the root key can be improved based on the lifecycle state of the chip, and a signature operation with potential security risks can be avoided.
  • multiple lifecycle states are involved during use. These include the chip manufacturing state, the device manufacturing state, and the user management state. In addition, during use, some faults may be found in the device, and the device needs to be returned to the factory for maintenance.
  • the access authority to all or some of the resources stored in the SE subsystem may be different.
  • the resources stored in the SE subsystem may be the root key corresponding to the chip manufacturer, the root key corresponding to the whole machine manufacturer, and the root key corresponding to the user.
  • the access authorities of the three types of root keys may correspond to the chip manufacturing state, device manufacturing state, and user management state, respectively.
  • the root key corresponding to the chip manufacturer may be written into the SE subsystem by the chip manufacturer during the chip manufacturing state.
  • the root key corresponding to the whole machine manufacturer may be written into the SE subsystem by the whole machine manufacturer during the device manufacturing state.
  • the root key corresponding to the user may be generated by the user during the user management state.
  • Different root keys may be used in different usage states of the device, and access in each lifecycle state needs to be restricted to avoid leaking resources to a requester that lacks the corresponding access authority.
  • In the user management state, the user generally only has the authority to access the root key corresponding to the user, and does not have the authority to access the root key corresponding to the chip manufacturer or the root key corresponding to the whole machine manufacturer. If the user's access authority to the various resources in the SE subsystem is not restricted based on the lifecycle state, the user may be attacked in the process of accessing the root key corresponding to the user, which reduces the security of other important resources.
  • the N chip lifecycle states may be set as a chip manufacturing state (CM), a device manufacturing state (DM), and a user management state (UM).
  • the chip lifecycle states may further include a DM return state (denoted as DM_RMA) and a CM return state (denoted as CM_RMA).
  • the N chip lifecycle states of CM, DM, UM, DM_RMA, and CM_RMA will be used as specific examples.
  • the resource management method described with these specific examples can be similarly applied to other scenarios, which are not limited in the embodiments of the present disclosure.
  • the access authorities to resources in the SE subsystem may be different.
  • the debugging permissions of the chip may be turned on.
  • the debugging interfaces of some internal resources of the chip may be turned off.
  • in the UM state, all the chip debugging interfaces may be turned off.
  • the current chip lifecycle state of the security architecture system may be recorded by programming the memory. Accordingly, in the process of using the chip, the current chip lifecycle state of the security architecture system can be switched in the order of the CM state, the DM state, the UM state, the DM_RMA state, and the CM_RMA state.
  • the switching can only be performed strictly in the order listed above.
  • the switching cannot skip a state or switch back to a previous state. Accordingly, the switching of the chip state follows the use process of the chip, which prevents the chip from switching from the UM state back to the DM state during use, thereby avoiding the leakage of resources that can be accessed in the DM state but cannot be accessed in the UM state.
  • a one-time programming memory (such as OTP/efuse) may be used to record the current chip lifecycle state in a hardware manner.
  • each bit in the OTP/efuse can only be programmed once.
  • different lifecycle states may be represented by programming different bits to ensure that the lifecycle state will not return to the previous state.
  • the hardware may automatically detect whether the current lifecycle state is adjacent in sequence to the lifecycle state to be switched to. If the current lifecycle state is adjacent in sequence to the lifecycle state to be switched to, the programming can be allowed; otherwise, the programming request can be discarded. This ensures that the current chip lifecycle state of the security architecture system is switched in the order of the CM state, the DM state, the UM state, the DM_RMA state, and the CM_RMA state.
  • the resource management method may further include using memory devices, status bits, identifiers, etc. to record the current chip lifecycle state of the security architecture system.
  • FIG. 4 is a schematic diagram of a lifecycle state switching process according to an embodiment of the present disclosure. As shown in FIG. 4, the five chip lifecycle states will be switched one by one in the order of CM, DM, UM, DM_RMA, and CM_RMA.
  • the access authorities to the resources stored in the SE subsystem may be associated with the five chip lifecycle states. More specifically, as shown in FIG. 4, the CM and CM_RMA states have the chip-level access authority, the DM and DM_RMA states have the manufacturer-level access authority, and the UM state has the user-level access authority.
  • the root key corresponding to the chip manufacturer may be written into the SE subsystem by the chip manufacturer during the chip manufacturing state.
  • the root key corresponding to the whole machine manufacturer may be written into the SE subsystem by the whole machine manufacturer during the device manufacturing state.
  • the root key corresponding to the user may be generated by the user during the user management state. Therefore, when the current chip lifecycle state is the UM state, there should be no authority to access the root keys corresponding to the chip manufacturer and the whole machine manufacturer.
  • the resource management method may further include obtaining a switching instruction for switching the state of the current chip lifecycle state of the security architecture system.
  • the resource management method may further include performing authority switching verification for the switching instruction, and determining whether to perform state switching based on the result of the authority switching verification.
  • the requester of the state switching may also be required to pass authority verification to ensure the stability of the state switching. For example, for a state switching request to enter the DM_RMA state or the CM_RMA state, authority verification may be performed to ensure that only the whole machine manufacturer can switch to the DM_RMA state and only the chip manufacturer can switch to the CM_RMA state.
  • the switching instruction may be a request signal from another device, and the other device may correspond to a chip manufacturer's device.
  • the state switching authority verification may include hardware verification in a one-time programming memory such as OTP/efuse.
  • the requester of the lifecycle state switch may continuously write multiple keys to the address provided by the processor to verify the authority without interruption.
  • the hardware may be configured to automatically compare the multiple keys written by the requester with the verification key stored in the SE subsystem for a match. If there is a match, the hardware responds to the switch request by switching to, for example, the DM_RMA state; otherwise, the hardware ignores the request to switch the lifecycle state.
  • the verification key used for DM_RMA may be written by the whole machine manufacturer to ensure that only the whole machine manufacturer has the authority to switch to the DM_RMA state.
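The one-way lifecycle switching and the RMA authority check described above (the OTP/efuse record, the adjacency rule, and the multi-key verification written by the requester) as an added C model. This is example code, not the patent's or Phytium's implementation; the one-bit-per-state fuse encoding, the four-word verification key, the key values and the consumption of the proof after a single switch are assumptions made for the example:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Chip lifecycle states in the only order the page allows them to be entered. */
enum lifecycle { LC_CM = 0, LC_DM, LC_UM, LC_DM_RMA, LC_CM_RMA, LC_COUNT };

/* Model of the OTP/efuse word that records the state: one bit per state, and
 * bits can only ever be set, never cleared, so a state can never be re-entered.
 * The highest programmed bit is the current state; an all-zero word (fresh
 * silicon) reads as CM. This encoding is an assumption of the example. */
struct otp { uint8_t bits; };

enum lifecycle otp_current_state(const struct otp *o) {
    enum lifecycle cur = LC_CM;
    for (int i = 0; i < LC_COUNT; i++)
        if (o->bits & (1u << i)) cur = (enum lifecycle)i;
    return cur;
}

/* The "adjacent in sequence" rule enforced in hardware: a programming request is
 * honoured only for the state immediately after the current one. Requests that
 * skip a state or go backwards are discarded and leave the fuses untouched. */
bool otp_program_state(struct otp *o, enum lifecycle target) {
    enum lifecycle cur = otp_current_state(o);
    if (target >= LC_COUNT || (int)target != (int)cur + 1) return false;
    o->bits |= (uint8_t)(1u << target);   /* set-only write, as on a real efuse */
    return true;
}

#define KEY_WORDS 4

/* Verification key for one RMA transition, written into the SE by the party
 * entitled to that transition (whole machine manufacturer for DM_RMA, chip
 * manufacturer for CM_RMA). Key values below are constructed samples. */
struct switch_guard {
    uint32_t key[KEY_WORDS];
    uint32_t written[KEY_WORDS];
    int      count;      /* words received in the current attempt */
    bool     verified;   /* one-shot proof, consumed by request_switch() */
};

/* The requester writes the key words back to back to the verification address.
 * The comparison runs over the whole sequence once all words are in, with a
 * single OR-accumulated difference, so an early mismatch is not observable
 * faster than a late one. A failed attempt starts over from the first word. */
void guard_write(struct switch_guard *g, uint32_t word) {
    if (g->verified) return;
    g->written[g->count++] = word;
    if (g->count < KEY_WORDS) return;
    uint32_t diff = 0;
    for (int i = 0; i < KEY_WORDS; i++) diff |= g->key[i] ^ g->written[i];
    g->verified = (diff == 0);
    g->count = 0;
    memset(g->written, 0, sizeof g->written);
}

/* Switch request as the hardware would process it: the order is checked first,
 * then the RMA transitions additionally require a verified guard, whose proof is
 * consumed so that one verification authorises exactly one switch. */
bool request_switch(struct otp *o, enum lifecycle target,
                    struct switch_guard *dm_rma, struct switch_guard *cm_rma) {
    enum lifecycle cur = otp_current_state(o);
    if (target >= LC_COUNT || (int)target != (int)cur + 1) return false;
    struct switch_guard *g = NULL;
    if (target == LC_DM_RMA) g = dm_rma;
    if (target == LC_CM_RMA) g = cm_rma;
    if (g != NULL) {
        if (!g->verified) return false;
        g->verified = false;
    }
    return otp_program_state(o, target);
}

int main(void) {
    static const char *name[LC_COUNT] = { "CM", "DM", "UM", "DM_RMA", "CM_RMA" };
    struct otp o = { 0 };
    struct switch_guard dm = { { 0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u }, { 0 }, 0, false };
    struct switch_guard cm = { { 0xaaaaaaaau, 0xbbbbbbbbu, 0xccccccccu, 0xddddddddu }, { 0 }, 0, false };

    printf("skip CM->UM: %s\n", otp_program_state(&o, LC_UM) ? "allowed" : "discarded");
    otp_program_state(&o, LC_DM);
    otp_program_state(&o, LC_UM);
    printf("back UM->DM: %s\n", otp_program_state(&o, LC_DM) ? "allowed" : "discarded");
    printf("UM->DM_RMA without key: %s\n", request_switch(&o, LC_DM_RMA, &dm, &cm) ? "allowed" : "discarded");
    for (int i = 0; i < KEY_WORDS; i++) guard_write(&dm, dm.key[i]);   /* manufacturer proves authority */
    printf("UM->DM_RMA with key: %s\n", request_switch(&o, LC_DM_RMA, &dm, &cm) ? "allowed" : "discarded");
    printf("current state: %s\n", name[otp_current_state(&o)]);
    return 0;
}
```

Because the state is the highest set bit and writes only ever add bits, there is no code path, and on real fuses no physical path, that returns the chip to DM once UM has been entered; the guard for CM_RMA stays separate from the one for DM_RMA so that proof of one authority never unlocks the other transition.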
  • the security architecture system may include M debugging interfaces.
  • Each debugging interface may be used to access or modify the resources for processing certain components, where M is an integer greater than or equal to 1.
  • obtaining the access instruction for the resource may include obtaining the access instruction for the resource from a debugging interface belonging to one of the M debugging interfaces.
  • the debugging interface belonging to one of the M debugging interfaces is represented as a current debugging interface.
  • a debugging interface allowing resource access in the lifecycle state of the chip may be respectively arranged.
  • the debugging interface may refer to the realization of resource access through a hardware interface. If the resource access authorities of the debugging interfaces are not managed, attackers may use these debugging interfaces to obtain internal information during the operation of the chip, resulting in leakage of sensitive information and the compromise of other security mechanisms. Therefore, through verification of the current chip lifecycle state, the debugging requirements of the chip can be met while the security of the internal resources of the chip is ensured. In addition, existing interfaces are reused to achieve a new function.
  • access authorities may be set for each debugging interface based on different chip lifecycle states.
  • the permission of all debugging interfaces of the chip may be open.
  • some debugging interfaces for the internal resources of the chip may be closed.
  • in the UM state, all debugging interfaces may be closed.
  • some permissions for accessing a debugging interface may be closed, e.g., for a debugging interface corresponding to the chip manufacturer's root key (denoted as a first debugging interface).
  • an address range of the resources allowed to be accessed in the chip lifecycle states may be respectively set.
  • performing access control on the resource based on the current chip lifecycle state of the security architecture system may include allowing access to the resource in response to the resource's address being in the address range of the resource that is allowed to be accessed in the current chip lifecycle state of the security architecture system.
  • Performing access control on the resource may also include denying access to the resource in response to the resource's address not being in the address range of the resource that is allowed to be accessed in the chip lifecycle state that the security architecture system is currently in.
  • the address of the resource that can be accessed in each chip lifecycle state may be recorded by the firmware in the SE subsystem. Verification may be performed based on the address of the resource being accessed and the current chip lifecycle state. As such, verification based on the current state is performed in a software manner to improve the security of the accessed resource.
  • the firmware may record the address range of the resources that can be accessed in each chip lifecycle state. If the address of the requested resource is in the address range of the resources that can be accessed in the current chip lifecycle state, then access to the requested resource can be allowed.
  • the first address range corresponds to the resources that are allowed to be accessed in the CM and the CM_RMA states
  • the second address range corresponds to the resources that are allowed to be accessed in the DM and the DM_RMA states
  • the third address range corresponds to the resources that are allowed to be accessed in the UM state. If the address of the resource corresponding to the access instruction is in the first address range, and the chip lifecycle state is in the DM state, access to the resource based on the access instruction may be denied.
  • partial overlapping ranges may exist between the three address ranges, for example, there may be overlapping address ranges between the first address range and the second address range.
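An added example, not from the patent, of the two verification methods just described: gating an access instruction by the debugging interface it arrives on, and by the per-state address range recorded in SE firmware. The set of three interfaces, the per-state open masks, the sample SE address map (including the overlap between the first and second ranges) and the rejection of zero-length or wrapping access windows are all assumptions of this example:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum lifecycle { LC_CM = 0, LC_DM, LC_UM, LC_DM_RMA, LC_CM_RMA, LC_COUNT };

/* Access authority level attached to each chip lifecycle state, as in FIG. 4. */
enum level { LVL_CHIP = 0, LVL_MFR, LVL_USER, LVL_COUNT };

static enum level level_of(enum lifecycle s) {
    switch (s) {
    case LC_CM: case LC_CM_RMA: return LVL_CHIP;
    case LC_DM: case LC_DM_RMA: return LVL_MFR;
    default:                    return LVL_USER;
    }
}

/* M = 3 debugging interfaces (a constructed set, one per root key). For each
 * lifecycle state a bitmask says which interfaces stay open: all of them in CM,
 * the chip manufacturer's interface closed from DM on, everything closed in UM. */
enum dbg_iface { DBG_CHIP_KEY = 0, DBG_MFR_KEY = 1, DBG_USER_KEY = 2, DBG_COUNT = 3 };
static const uint8_t open_ifaces[LC_COUNT] = {
    [LC_CM]     = 0x07,
    [LC_DM]     = 0x06,
    [LC_UM]     = 0x00,
    [LC_DM_RMA] = 0x06,
    [LC_CM_RMA] = 0x07,
};

bool iface_allowed(enum lifecycle cur, int iface) {
    if (iface < 0 || iface >= DBG_COUNT) return false;
    return (open_ifaces[cur] >> iface) & 1u;
}

/* Address ranges recorded by SE firmware (constructed sample SE address map,
 * inclusive bounds). The first and second ranges deliberately overlap in
 * 0x1800-0x1FFF, as the page allows. */
struct range { uint32_t lo, hi; };
static const struct range allowed_range[LVL_COUNT] = {
    [LVL_CHIP] = { 0x1000, 0x1FFF },   /* first range: CM and CM_RMA */
    [LVL_MFR]  = { 0x1800, 0x2FFF },   /* second range: DM and DM_RMA */
    [LVL_USER] = { 0x3000, 0x3FFF },   /* third range: UM */
};

/* The whole [addr, addr+len) window must lie inside the range of the current
 * state. A zero length or an end address that wraps around is rejected, so a
 * window straddling a range boundary can never be read piecemeal. */
bool addr_allowed(enum lifecycle cur, uint32_t addr, uint32_t len) {
    const struct range *r = &allowed_range[level_of(cur)];
    if (len == 0 || addr > UINT32_MAX - (len - 1)) return false;
    uint32_t end = addr + (len - 1);
    return addr >= r->lo && end <= r->hi;
}

enum verdict { ALLOW = 0, DENY_IFACE, DENY_ADDR };

/* Combined decision for an access instruction arriving on a debugging interface:
 * the interface check comes first, then the address range check. */
enum verdict check_access(enum lifecycle cur, int iface, uint32_t addr, uint32_t len) {
    if (!iface_allowed(cur, iface)) return DENY_IFACE;
    if (!addr_allowed(cur, addr, len)) return DENY_ADDR;
    return ALLOW;
}

int main(void) {
    static const char *text[] = { "allow", "deny: interface closed in this state",
                                  "deny: address outside the range for this state" };
    printf("CM, chip-key iface, 0x1000:    %s\n", text[check_access(LC_CM, DBG_CHIP_KEY, 0x1000, 16)]);
    printf("DM, chip-key iface, 0x1900:    %s\n", text[check_access(LC_DM, DBG_CHIP_KEY, 0x1900, 16)]);
    printf("DM, mfr-key iface,  0x1000:    %s\n", text[check_access(LC_DM, DBG_MFR_KEY, 0x1000, 16)]);
    printf("DM, mfr-key iface,  0x1900:    %s\n", text[check_access(LC_DM, DBG_MFR_KEY, 0x1900, 16)]);
    printf("UM, user-key iface, 0x3000:    %s\n", text[check_access(LC_UM, DBG_USER_KEY, 0x3000, 16)]);
    printf("CM, chip-key iface, 0x1FF8+16: %s\n", text[check_access(LC_CM, DBG_CHIP_KEY, 0x1FF8, 16)]);
    return 0;
}
```

The DM case at 0x1000 is the denial the page describes (a first-range address requested in the DM state), while 0x1900 in the same state is allowed because it lies in the overlap shared by the first and second ranges.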
  • performing access control on the resource based on the current chip lifecycle state of the security architecture system may include allowing access to the resource if one or more resource lifecycle states corresponding to the resource match the current chip lifecycle state of the security architecture system.
  • Performing access control on the resource also includes denying access to the resource in response to one or more resource lifecycle states corresponding to the resource not matching the chip lifecycle state that the security architecture system is currently in.
  • the resources in the SE subsystem may be identified as one of the resource lifecycle states.
  • the five resource lifecycle states may be respectively represented as the first state, the second state, the third state, the fourth state, and the fifth state.
  • These five resource lifecycle states may correspond to the five chip lifecycle states in a one-to-one relationship. If the identifier of the resource corresponding to the access instruction indicates that the resource corresponds to the first state, and the current chip lifecycle state is in the UM state, then the access to the resource based on the access instruction may be denied.
  • the resource may include a plurality of root keys
  • the security architecture system may include the REE subsystem, the TEE subsystem, and the SE subsystem. That is, corresponding to the application scenario shown in FIG. 1 .
  • the resource management method may include obtaining a key derivation request from the REE subsystem or the TEE subsystem.
  • the key derivation request includes key identifier information, which may be used to request the SE subsystem to perform key derivation by using the root key corresponding to the key identifier information in the plurality of root keys.
  • the method may further include allowing key derivation using the root key corresponding to the key identifier information in response to the access authority for the root key corresponding to the key identifier information matching the current chip lifecycle state.
  • the method may further include denying key derivation using the root key corresponding to the key identifier information in response to the access authority for the root key corresponding to the key identifier information not matching the current chip lifecycle state.
  • the above embodiment relates to an application scenario in which the REE subsystem or the TEE subsystem requests use of the root key stored in the SE subsystem for key derivation when the security architecture system includes the REE subsystem, the TEE subsystem, and the SE subsystem.
  • the REE subsystem or the TEE subsystem does not have the authority to directly use the root key stored in the SE subsystem.
  • the REE subsystem or the TEE subsystem needs to send a key derivation request to the SE subsystem to request the SE subsystem to use the root key corresponding to the key identifier information carried in the key derivation request.
  • the SE subsystem may first determine the current chip lifecycle state to determine whether the root key being requested matches the current chip lifecycle state, and allow the requested operation if there is a match. For example, assume that the requested root key is the root key corresponding to the chip manufacturer, which can only be accessed in the CM and the CM_RMA states, but the current chip lifecycle state of the system is the UM state; then the key derivation request can be rejected.
  • FIG. 5 is a flowchart of the resource management method in a payment application scenario.
  • basic services such as browsing products, selecting products, and submitting orders may be realized in the REE subsystem first.
  • the REE subsystem may send a trusted service request to the TEE subsystem, such that the business process moves to the TEE subsystem to realize processes such as verifying payment environment, displaying payment information, user inputting the payment key or verifying fingerprints, etc.
  • the TEE subsystem may request the root key stored in the SE subsystem to verify the transaction information, such as requesting the payment root key stored in the SE subsystem to verify the payment key input by the user.
  • the SE subsystem may determine the current chip lifecycle state, such as being in the UM state, and determine whether the requested payment root key access authority matches the current UM state. If the requested payment root key access authority matches the current UM state, access to the root key can be allowed for the corresponding payment verification.
  • the methods of determining whether the access authority of the requested payment root key matches the current UM state may be based on the resource address range, the resource lifecycle state, etc. described above, which will not be repeated here.
  • the SE subsystem may return the verification result to the TEE subsystem, and the TEE subsystem may return the relevant data to the REE subsystem to complete the interaction with the payment center by the REE subsystem. Therefore, the resource management method shown in FIG. 5 can improve the security of the root key based on the lifecycle state of the chip, and avoid the signature operation with potential security risks.
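An added example, not from the patent, of the SE-side handling of a key derivation request from the REE or TEE subsystem, covering the resource lifecycle identifiers, the key derivation path and the payment flow described above: each root key carries a tag of the resource lifecycle state(s) in which it may be used, and the SE decides solely on whether that tag contains the current chip lifecycle state. The bitmask tag (which generalizes the page's one-to-one mapping so that a key can be tagged for a state and its return state), the key identifiers, the sample key bytes, the request structure and the placeholder derivation function are assumptions; a real SE would run an approved KDF in place of the placeholder:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum lifecycle { LC_CM = 0, LC_DM, LC_UM, LC_DM_RMA, LC_CM_RMA, LC_COUNT };
#define IN_STATE(s) (1u << (s))

/* A root key held inside the SE, tagged with the resource lifecycle state(s) in
 * which it may be used. Key bytes are constructed samples for the example. */
struct root_key {
    uint8_t id;
    uint8_t allowed_states;   /* bitmask over enum lifecycle */
    uint8_t key[16];
};

static const struct root_key se_keys[] = {
    { 1, IN_STATE(LC_CM) | IN_STATE(LC_CM_RMA),   /* chip manufacturer's root key */
      { 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01, 0xc0, 0x01 } },
    { 2, IN_STATE(LC_DM) | IN_STATE(LC_DM_RMA),   /* whole machine manufacturer's root key */
      { 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02, 0xd0, 0x02 } },
    { 3, IN_STATE(LC_UM),                         /* user's (payment) root key */
      { 0x03, 0x30, 0x03, 0x30, 0x03, 0x30, 0x03, 0x30, 0x03, 0x30, 0x03, 0x30, 0x03, 0x30, 0x03, 0x30 } },
};

/* Key derivation request as sent by the REE or TEE subsystem: it names a root
 * key by identifier and supplies a derivation label. The root key itself never
 * leaves the SE; only the derived key is returned. */
struct kdf_request {
    uint8_t        key_id;
    const uint8_t *label;
    size_t         label_len;
};

enum kdf_status { KDF_OK = 0, KDF_NO_SUCH_KEY, KDF_STATE_MISMATCH };

/* Placeholder derivation (FNV-1a style mixing) standing in for the SE's real
 * KDF so the example runs stand-alone. It is deterministic but is NOT a
 * cryptographic KDF and must not be used as one. */
static void placeholder_derive(const uint8_t root[16], const uint8_t *label, size_t n, uint8_t out[16]) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 16; i++) { h ^= root[i];      h *= 16777619u; }
    for (size_t i = 0; i < n;  i++) { h ^= label[i];     h *= 16777619u; }
    for (int i = 0; i < 16; i++)    { h ^= (uint32_t)i;  h *= 16777619u; out[i] = (uint8_t)(h >> 24); }
}

/* SE-side handler: look the key up, then decide purely on whether the key's
 * resource lifecycle tag contains the chip's current lifecycle state. The
 * output buffer is cleared first so a denied request returns nothing usable. */
enum kdf_status se_handle_kdf(enum lifecycle cur, const struct kdf_request *req, uint8_t out[16]) {
    memset(out, 0, 16);
    const struct root_key *k = NULL;
    for (size_t i = 0; i < sizeof se_keys / sizeof se_keys[0]; i++)
        if (se_keys[i].id == req->key_id) k = &se_keys[i];
    if (k == NULL) return KDF_NO_SUCH_KEY;
    if ((k->allowed_states & IN_STATE(cur)) == 0) return KDF_STATE_MISMATCH;
    placeholder_derive(k->key, req->label, req->label_len, out);
    return KDF_OK;
}

bool is_zero16(const uint8_t b[16]) {
    uint8_t acc = 0;
    for (int i = 0; i < 16; i++) acc |= b[i];
    return acc == 0;
}

int main(void) {
    static const char *text[] = { "allowed", "denied: no such key", "denied: key not usable in this state" };
    uint8_t out[16];
    /* TEE in the UM state asks for the payment key during the FIG. 5 flow: allowed. */
    struct kdf_request pay  = { 3, (const uint8_t *)"payment-sign", 12 };
    /* Something in the UM state asks for the chip manufacturer's key: rejected, as on the page. */
    struct kdf_request chip = { 1, (const uint8_t *)"provision", 9 };
    printf("UM, key 3: %s\n", text[se_handle_kdf(LC_UM, &pay, out)]);
    printf("UM, key 1: %s\n", text[se_handle_kdf(LC_UM, &chip, out)]);
    printf("CM, key 1: %s\n", text[se_handle_kdf(LC_CM, &chip, out)]);
    return 0;
}
```

Note what the handler does not consult: who the requester is. The REE and TEE have no direct authority over the root keys, so the SE's only decision input is the lifecycle tag of the requested resource against the chip's current state, which is the point the page makes.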
  • the security of important resources stored in the SE subsystem can be ensured based on the lifecycle state set for the security architecture system. Further, by implementing the resource management method provided by the embodiments of the present disclosure, important resources such as root keys stored in the SE subsystem can have a higher security level in each lifecycle state of the terminal, thereby avoiding security risks such as leakage of important information.
  • improving the security of the terminal device is beneficial to enrich the application scenarios of the device.
  • programs with high security requirements can also be installed in personal mobile phones and the corresponding functions can be implemented to ensure user information security and help build a safe and reliable environment for product usage.
  • the computing device may include a security architecture system.
  • the security architecture system may include a secure element subsystem.
  • the security architecture system may be configured with N chip lifecycle states, where N is an integer greater than 1.
  • the secure element subsystem may store resources, and the access authorities of the resources may be associated with the N chip lifecycle states.
  • FIG. 6 is a schematic block diagram of a computing device 1000 according to some embodiments of the present disclosure.
  • the computing device 1000 includes a processing unit 1010.
  • the processing unit 1010 may be configured to perform access control on resources based on the chip lifecycle state that the security architecture system is currently in, where the chip lifecycle state that the security architecture system is currently in belongs to one of the N chip lifecycle states.
  • the computing device may be the mobile terminal described in conjunction with FIG. 2A
  • the processing unit 1010 may be the processor 201 of the mobile terminal 200.
  • the processor may be configured to use various interfaces and lines to connect the various functional units of the device, run or execute software programs and/or modules stored in the memory, and call data stored in the memory to perform various functions and process data.
  • the processing unit 1010 may be implemented as one or more processor cores.
  • the processing unit may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, and application programs, and the modem processor mainly handles wireless communication. It should be understood that, the modem processor may not be integrated into the processing unit 1010.
  • the computing device may also be other types of computing devices, such as a desktop computer capable of installing application programs and displaying application icons, a tablet computer, a personal computer (PC), a personal digital assistant (PDA), a smart watch, a netbook, a wearable electronic device, an augmented reality (AR) device, etc.
  • the computing device 1000 may further include a receiving unit 1020.
  • the receiving unit 1020 may be configured to obtain an access instruction for the resource.
  • the processing unit 1010 may be configured to determine whether to allow access to the resource based on whether the access authority of the access instruction for the resource matches the chip lifecycle state the security architecture system is currently in.
  • the receiving unit 1020 may be implemented as a communication line or an interface device for implementing data transmission, which is not limited in the embodiments of the present disclosure. In some embodiments, some or all of the receiving unit 1020 may be integrated in the processing unit.
  • the security architecture system may include M debugging interfaces, each debugging interface being used to access resources stored in the secure element subsystem, M being an integer greater than or equal to 1.
  • the receiving unit 1020 may be configured to obtain the access instruction for the resource from a debugging interface belonging to one of the M debugging interfaces, the debugging interface belonging to one of the M debugging interfaces being represented as a current debugging interface.
  • a debugging interface allowing resource access in the lifecycle state of the chip may be respectively arranged.
  • the processing unit 1010 may be configured to allow access to the resource through the current debugging interface in response to the current debugging interface being a debugging interface that is accessible in the current chip lifecycle state of the security architecture system.
  • the processing unit 1010 may also be configured to deny access to the resource through the current debugging interface in response to the current debugging interface not being a debugging interface that is accessible in the current chip lifecycle state of the security architecture system.
  • an address range of the resources allowed to be accessed in the chip lifecycle states may be respectively set.
  • the processing unit 1010 may be configured to allow access to the resource if the resource's address is in the address range of the resources that are allowed to be accessed in the current chip lifecycle state of the security architecture system, and to deny access to the resource if the resource's address is not in that address range.
  • the resource may include a plurality of root keys
  • the security architecture system may also include a REE subsystem and a TEE subsystem.
  • the receiving unit 1020 of the computing device 1000 may be configured to obtain a key derivation request from the REE subsystem or the TEE subsystem.
  • the key derivation request includes key identifier information, which may be used to request the SE subsystem to perform key derivation by using the root key corresponding to the key identifier information in the plurality of root keys.
  • the chip lifecycle state that the security architecture system is currently in may be recorded by programming the memory. Accordingly, in the process of using the chip, the current chip lifecycle state of the security architecture system can be switched in the order of the CM state, the DM state, the UM state, the DM_RMA state, and the CM_RMA state.
  • the receiving unit 1020 may be configured to obtain a switching instruction for switching the state of the chip lifecycle state that the security architecture system is currently in.
  • the processing unit 1010 may be further configured to perform authority switching verification for the switching instruction, and determine whether to perform state switching based on the result of the authority switching verification.
  • FIG. 7 is a schematic block diagram of a computing equipment 2000 according to an embodiment of the present disclosure.
  • the computing equipment 2000 includes a processor 2010 and a memory 2020.
  • computer-readable codes can be stored in the memory 2020.
  • the computer-readable codes stored in the memory 2020 that, when executed by the processor 2010, can implement the resource management method described above.
  • the processor 2010 may be configured to perform various actions and processes according to the programs stored in the memory 2020, thereby realizing or executing the various methods, processes, and logical block diagrams provided by the embodiments of the present disclosure.
  • the processor 2010 may be an integrated circuit chip having signal processing capabilities.
  • the processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the general-purpose processor may be a microprocessor, or the processor may also be any conventional processor, etc., and can be X86 architecture or ARM architecture, etc.
  • the memory 2020 can store computer executable instruction codes which are used to implement the key management method according to the embodiments of the present disclosure when executed by the processor 2010.
  • the memory 2020 may be a volatile memory, a nonvolatile memory, or may include both volatile memory and nonvolatile memory.
  • Nonvolatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory.
  • the volatile memory may be a random-access memory (RAM), which is used as an external cache.
  • many forms of RAM are available, such as static random-access memory (SRAM), dynamic random-access memory (DRAM), synchronous dynamic random-access memory (SDRAM), double data rate synchronous dynamic random-access memory (DDRSDRAM), enhanced synchronous dynamic random-access memory (ESDRAM), synchronously connected dynamic random-access memory (SLDRAM) and direct memory bus random-access memory (DR RAM).
  • the resource management method or resource management device may also be implemented by means of an architecture of a computing equipment 3000 shown in FIG. 8 .
  • the computing equipment 3000 may include bus 3010, one or more CPUs 3020, read-only memory (ROM) 3030, random access memory (RAM) 3040, communication port 3050 connected to the network, input/output component 3060, hard disk 3070, etc.
  • the storage device in the computing equipment 3000 such as ROM 3030 or hard disk 3070, may store various data or files used for processing and/or communication of the resource management method provided by the present disclosure, as well as program instructions executed by the CPU.
  • the computing equipment 3000 may also include a user interface 3080.
  • the architecture shown in FIG. 8 is only exemplary; when implementing different devices, one or more components of the computing device shown in FIG. 8 may be omitted according to the system requirements.
  • the computing equipment 3000 described above may be implemented as a mobile terminal installed with an application program, and the security architecture system of the mobile terminal may include the SE subsystem.
  • important resources such as root keys stored in the SE subsystem can have a higher security level in each lifecycle state of the terminal, thereby avoiding potential security risks such as leakage of important information.
  • improving the security of the terminal device is beneficial to enrich the application scenarios of the device.
  • programs with high security requirements can also be installed in personal mobile phones and the corresponding functions can be implemented to ensure user information security and help build a safe and reliable environment for product usage.
  • instructions such as computer-readable instructions 4010 can be stored in the non-transitory computer-readable storage medium 4020.
  • the computer-readable instructions 4010 when executed by a processor, can perform the resource management method described in the foregoing embodiments.
  • the computer-readable storage medium may include, but is not limited to, volatile memory and/or non-volatile memory.
  • the volatile memory may include random-access memory (RAM) and/or cache memory, etc.
  • the non-volatile memory may include read-only memory (ROM), hard disk, flash memory, etc.
  • the computer-readable storage medium 4020 may be connected to a computing device such as a computer, and then, with the computing device running the computer-readable instructions 4010 stored on the computer-readable storage medium 4020, the resource management method described above can be performed.
  • the present disclosure further provides a computer program product or a computer program.
  • the computer program product or the computer program includes computer-readable instructions stored in a computer-readable storage medium.
  • the processor of the computer device can read the computer-readable instructions from the computer-readable storage medium, and the processor can execute the computer-readable instructions, such that the computer device can execute the resource management method described in the foregoing embodiments.
  • access to the resource can be controlled based on the chip lifecycle state that the security architecture system is currently in. Accordingly, important resources such as root keys stored in the SE subsystem have a higher level of security in each life stage of the product, thereby avoiding security risks such as leakage of important information.
  • the present disclosure makes various references to certain units in the system according to the embodiments of the present disclosure, any number of different units can be used and run on the client and/or server.
  • the unit is merely illustrative and different units can be used for different aspects of the system and method.
EP22209122.5A 2021-11-24 2022-11-23 Procédé de gestion de ressources, dispositif informatique, équipement informatique et support de stockage lisible Pending EP4187420A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111398406.6A CN113821841B (zh) 2021-11-24 2021-11-24 资源管理方法、计算装置、计算设备和可读存储介质

Publications (1)

Publication Number Publication Date
EP4187420A1 true EP4187420A1 (fr) 2023-05-31

Family

ID=78919789

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22209122.5A Pending EP4187420A1 (fr) 2021-11-24 2022-11-23 Procédé de gestion de ressources, dispositif informatique, équipement informatique et support de stockage lisible

Country Status (3)

Country Link
US (1) US20230177196A1 (fr)
EP (1) EP4187420A1 (fr)
CN (1) CN113821841B (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116756781A (zh) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 一种芯片的加密保护方法、装置、设备及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110990331A (zh) * 2019-12-03 2020-04-10 天津飞腾信息技术有限公司 片上系统密钥管理方法、装置、设备及可读存储介质
WO2021007162A1 (fr) * 2019-07-09 2021-01-14 Ares Technologies, Inc. Appareil matériel informatique sécurisé et procédés de fabrication d'un appareil matériel informatique sécurisé
EP3772008A1 (fr) * 2019-07-31 2021-02-03 Data I/O Corporation Programmation de dispositif avec génération de système
CN113449346A (zh) * 2021-09-01 2021-09-28 飞腾信息技术有限公司 微处理器、数据处理方法、电子设备和存储介质

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100539804B1 (ko) * 2003-12-29 2006-01-10 엘지전자 주식회사 Apparatus and method for implementing a power-saving mode of a telematics terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MURUGIAH SOUPPAYA: "Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases NIST IR 8320", 29 September 2020 (2020-09-29), pages 1 - 94, XP061073117, Retrieved from the Internet <URL:https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8320.pdf> [retrieved on 20221231], DOI: 10.6028/NIST.IR.8320 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116756781A (zh) * 2023-08-23 2023-09-15 菁音核创科技(厦门)有限公司 Chip encryption protection method, apparatus and device, and storage medium
CN116756781B (zh) * 2023-08-23 2023-11-14 菁音核创科技(厦门)有限公司 Chip encryption protection method, apparatus and device, and storage medium

Also Published As

Publication number Publication date
CN113821841A (zh) 2021-12-21
CN113821841B (zh) 2022-02-25
US20230177196A1 (en) 2023-06-08

Similar Documents

Publication Publication Date Title
CN108632253B (zh) Client data secure access method and apparatus based on a mobile terminal
WO2018228199A1 (fr) Authorization method and related device
US20230161911A1 (en) Security architecture system, security management method, and computing device
US20230161918A1 (en) Key management method, key management device, and computing device
EP3332372A1 (fr) Apparatus and method for secure payment transactions based on a trusted execution environment
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
CN115643572A (zh) Method for sharing data within a local area network, and electronic device
CN109416800B (zh) Authentication method for a mobile terminal, and mobile terminal
WO2017211205A1 (fr) Whitelist update method and device
WO2021169382A1 (fr) Link testing method and apparatus, electronic device and storage medium
EP4187422A1 (fr) Security architecture system, cryptographic operation method for a security architecture system, and computing device
US11895105B2 (en) Authenticated interface element interactions
WO2019148397A1 (fr) Storage of decomposed sensitive data in different application environments
EP3764258A1 (fr) Building a common trusted application for a plurality of applications
WO2019184631A1 (fr) Information processing method and apparatus, computer-readable storage medium and terminal
CN110474864B (zh) Method for registering and logging in to a mobile application, and electronic device
KR102180529B1 (ko) Application access control method and electronic device implementing the same
EP4187420A1 (fr) Resource management method, computing apparatus, computing device and readable storage medium
WO2018153288A1 (fr) Numerical value transfer method, apparatus and device, and storage medium
CN110825465B (zh) Log data processing method and apparatus, electronic device and storage medium
WO2019127468A1 (fr) Grouped applications sharing data using the same key
KR20210026233A (ko) Electronic device for controlling access to device resources and operating method thereof
US20230344620A1 (en) Personal private key encryption device
US11775657B2 (en) Systems and methods for enhancing security of device-internal encryption with externally generated entropy
US11836250B2 (en) Identification and mitigation of permissions elevating attack vector

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20231114

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR